"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

"It just happens and it’s not noticeable to the end user? " - him who wants to answer this would need to know details about the encryption that is used.
"Does this give the IT company more control of his laptop to remotely view it etc ?" - no, definitely not.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

"What’s the difference between beofre and after" - you be prompted to key in password even at bootup time before OS gets loaded. Depends if you set that policy, can be transparent too. Full disk encrypted so if you preboot to external media or network to get to command line, you still cannot access the disk. Otherwise looks and feel still same. Performance is minimally impacted depending on hardware too. Also you may even notice new volume created after encryption. Recovery and cloning of disk not that straightforward so operation wise need to tweak in decrypting as necessary

A friends IT dept want to encrypt his Laptop Laptops get lost/stolen/misplaced. The company wants to limit the loss of company data (AKA Data Loss Protection)

What’s the difference between before and after Normal disk recovery options are gone as the data is encrypted rather than being in plain sight

Are there any keys that need to be kept after the event or is it like changing from FAT to NTFS ? It just happens and it’s not noticeable to the end user?

depends on many factors, primarily is the source of the encryption. Some laptops have self encrypting drives on boot up you enter a password to access the drive. It may be transparent to the user they just login as usual. The recovery keys may be stored in a usb drive or in the companies active directory.

Does this give the IT company more control of his laptop to remotely view it etc ? No. That is entirely different.
The company MAY be able to remotely wipe company data off of the drive. This will be in the companies network access policies.

company data always remains the property of the company. You may or may not own the physical device (laptop)